We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers […]
Tag Archives: passwords
3-D Secure SMS-OTP Phishing
One of our remediation analysts, Eli Trevino, recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. The phishing page prompts victims to provide their payment details to prevent account lockout. What’s interesting about this phishing page is that it selectively targets victims within […]
Creative Phishing for Digital Gold on RuneScape
RuneScape is an extremely popular massively multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the largest free MMORPGs ever created. At the time of writing, 1 million in-game gold pieces is valued at around $0.60 USD on the black market. The wealthiest players can […]
6 Simple Steps for Hardening your WordPress Security
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks. 6 Ways to Harden WordPress Security. You can harden your WordPress site by following these six simple steps: 1 – Keep WordPress updated: It is important to keep […]
Password Attacks 101
One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in fact, other kinds of attacks around passwords. Let’s take a look at three kinds of password attacks. Brute Force Attacks: Brute forcing, in its essence, is trying many passwords to […]
Personal Online Security – Account Management
Continuing a series on how to better strengthen your personal online privacy, we are looking to take personal inventory of how we connect online. These were themes covered during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter conversation (through the #Digiblogchat weekly forum) on this same topic. The first posts […]
How Passwords Get Hacked
How many passwords do you use in a given day? Everything on the internet requires a password. It can be tough to keep track of them all and keep coming up with strong passwords. For proof, listen to the grumblings in most office buildings on the day passwords are set to expire. The disdain for […]
Why Reinfections Happen with a WAF
A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside. Cross-site Contamination: One common way that websites get reinfected is through cross-site […]
FTP Logs Used to Determine Attack Vector
Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a website has been compromised. Since our job at Sucuri is to clean website malware, we don’t have any access to logs, or what we can […]
WordPress Hacks: 5 Ways to Protect WordPress from Hacking
WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking. Statistically, over 33% of websites currently run on WordPress. This post is not a “one size fits all” overview, as there are many other ways to protect WordPress from hacking. Here at Sucuri, […]